Reporting Security Violations


During the recent DUSD(SP) inspection of 
DIA SAP management procedures, the comment
was made that each program’s security plan 
should contain procedures for reporting, 
investigating, and resolving security violations. 

“Security violation” is a commonly used
term that implies a loss or compromise of 
classified information and subsequent corrective 
or disciplinary action. 


Each program’s security plan should contain
procedures for reporting, investigating, and 
resolving security violations. 


Procedures used in investigating and 
resolving possible compromises of classified 
information are explained in DoD 5200.1-R and
DIAR 50-2. The DIA SAP Manual, DIAM 56-3
(draft), contains further guidance for when the
possible compromise involves SAP material.

The following is a brief summary of steps to 
take to report a possible security violation 
involving SAP material (refer to above references 
for a complete explanation): 

1. Report. If you suspect that SAP information
may have been compromised, inform the program
security officer [...] control officer and
the OSC VADD [...] the suspected
compromise involves computer security, the
program control officer will inform DS.

2. Investigate. The program control officer
ensures that a preliminary inquiry is conducted.
The program director and the OSC VADD
review the results of the preliminary inquiry to
determine whether a compromise took place, to
determine if any further investigation is
necessary, to correct any systemic problems that
may have contributed to the violation, and to
direct a damage assessment if appropriate.

3. Resolve. A final report of the investigation 
is made to the DIA SAPOC which may 
recommend further remedies and relief from 
accountability of any lost materials. 

While few security violations result in a 
compromise, all violations should be reported 
and investigated. The violation not reported 
may do the most damage. 

If procedures for reporting security violations 
are not in your security plan, include them when 
the manual is updated. 